Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: Fixed a DOM based XSS with cortex type attributes
- as reported by Dawid Czarnecki (dawid@pz.pl)
  • Loading branch information
iglocska committed May 18, 2018
1 parent 2b2a0c2 commit 5efc07b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/webroot/js/misp.js
Expand Up @@ -3160,7 +3160,7 @@ function submitMISPUpdate() {

$(".cortex-json").click(function() {
var cortex_data = $(this).data('cortex-json');
cortex_data = JSON.stringify(cortex_data, null, 2);
cortex_data = htmlEncode(JSON.stringify(cortex_data, null, 2));
var popupHtml = '<pre class="simplepre">' + cortex_data + '</pre>';
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
$('#screenshot_box').html(popupHtml);
Expand Down

0 comments on commit 5efc07b

Please sign in to comment.